Belchior Foundry VCard Authentication Bypass Vulnerability
BID:9910
Info
| Bugtraq ID: | 9910 |
| Class: | Design Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Mar 17 2004 12:00AM |
| Updated: | Mar 17 2004 12:00AM |
| Credit: | Disclosure of this issue is credited to saudi linux <[email protected]>. |
| Vulnerable: | Belchior Foundry vCard 2.8 |
| Not Vulnerable: | |
Discussion
It has been reported that vCard is prone to a remote authentication bypass vulnerability. This issue is due to a design error that would allow a malicious user access to certain admin functionality without having to first authenticate to the application.
This issue may be leveraged to manipulate the application database, potentially destroying data.
Exploit / POC
No exploit is required to leverage this issue. The following proof of concept has been provided:
http://www.example.com/vcard/admin/uninstall.php
http://www.example.com/vcard/admin/uninstall.php?step=2
Solution / Fix
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected].
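A log check for the requests shown in the proof of concept, added here as an example and not part of the original advisory: it scans web server access logs for requests that addressed admin/uninstall.php and reports whether the server answered them. The combined log format, the function name and the sample lines are assumptions constructed for illustration.

```python
import re
from posixpath import normpath
from urllib.parse import parse_qs, unquote, urlsplit

# Apache/nginx "combined" log format; only the fields used below are captured.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)
SCRIPT = "/admin/uninstall.php"  # script named in the proof of concept

def find_uninstall_hits(lines):
    """Return one dict per logged request that addressed admin/uninstall.php."""
    hits = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # not a combined-format request line
        try:
            parts = urlsplit(m["target"])
        except ValueError:
            continue  # malformed request target
        # Decode %xx, collapse "//" and "..", and ignore case so spelling
        # variants of the same path are matched too.
        path = normpath(unquote(parts.path)).lower()
        if not path.endswith(SCRIPT):
            continue
        status = int(m["status"])
        hits.append({
            "ip": m["ip"], "time": m["ts"], "path": path,
            "step": parse_qs(parts.query).get("step", [None])[0],
            "status": status,
            # 2xx: the script was served; 403/404: blocked or already removed.
            "served": 200 <= status < 300,
        })
    return hits

# Constructed sample lines (documentation addresses, not real traffic).
SAMPLE = [
    '203.0.113.7 - - [17/Mar/2004:10:01:12 +0000] "GET /vcard/admin/uninstall.php HTTP/1.1" 200 1523 "-" "-"',
    '203.0.113.7 - - [17/Mar/2004:10:01:15 +0000] "GET /vcard/admin/uninstall.php?step=2 HTTP/1.1" 200 612 "-" "-"',
    '198.51.100.9 - - [17/Mar/2004:10:05:00 +0000] "GET /vcard//admin/uninstall.php?step=2 HTTP/1.1" 403 199 "-" "-"',
    '192.0.2.4 - - [17/Mar/2004:10:06:00 +0000] "GET /vcard/index.php HTTP/1.1" 200 4096 "-" "-"',
]

if __name__ == "__main__":
    for hit in find_uninstall_hits(SAMPLE):
        print(hit)
```

Pass an open log file to `find_uninstall_hits` to scan real logs; a hit with `served` set to `True` means the uninstall script answered the request.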
References
References:
- Vendor Home Page (Belchior Foundry)
- VCard 2.8 uninstall script problem (saudi linux)